You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Skip to end of banner
Go to start of banner

Overview of No Code Flows

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

EmpowerID's No Code Flows, or Business Request Flows, are designed to equip administrators with a user-friendly model for managing complex business processes. These could range from onboarding new staff, overseeing department transitions, or processing employee departures. Such tasks often involve a precise sequence of steps that can be laborious to monitor and schedule within specific time periods. While useful for bulk processing, traditional workflows may not provide the level of detail required for these multifaceted operations. This is where No Code Flows excel, offering a comprehensive framework for managing such activities while eliminating the need for coding for administrators.

The traditional approach to creating new workflows can be both time-consuming and resource-intensive. Additionally, the absence of a continuation feature in the event of workflow interruption can result in process inefficiencies. No Code Flows address these issues by providing a streamlined method for executing intricate business processes without coding.

Components of No Code Flows

No Code Flows is a comprehensive platform with several components, each crucial for automating business processes. These components include Flow Events, Flow Items, Flow Definitions, and Flow Policies and, by extension, include Business Request Types and Approval Flow Policies. Flow Events define the conditions that trigger the process, Flow Items are the activity steps in the process, Flow Definitions are the templates that define the process, and Flow Policies are the rules that regulate the process. Together, these components empower businesses with the ability to automate their business processes in an efficient and logical way. Let’s take a deeper look at these components.

Flow Definitions

Think of a Flow Definition as a set of instructions. It's a container that houses one or more Flow Items, which are steps the system follows to react to a particular event. These definitions help administrators design and oversee their business operations by detailing what happens when specific events occur, such as when an employee leaves the company (aka, a "Person Leaver" event).

Flow Items

Flow Items form the crux of EmpowerID's No Code Flows feature, representing specific tasks or actions to be performed within a Flow Definition. They are the steps triggered by a Flow Event, each designed to handle a particular facet of the event response. In the example of a "Person Leaver" Flow Definition, these tasks could include actions like "Remove this person from all groups" and "Disable all accounts belonging to this person."

Flow Items contain several parameters that together form a directive for the system. These parameters define the specific action, the target, and the scope of resources it should affect.

Item Type Action

Accompanying each Flow Item is an associated Item Type Action, which elucidates the exact task to be performed. For instance, “Bulk Remove Person Group Membership” might be an Item Type Action assigned to a Flow Item. This action suggests that, as part of responding to a specific Flow Event, the system should remove a person from multiple group memberships.

Item Type Scope

Alongside the Item Type Action, each Flow Item also possesses an Item Scope Type. This parameter determines the range within which the Item Type Action will execute. For example, “All Non-RBAC Group Accounts for Person” could be an Item Scope Type. This suggests that the “Bulk Remove Person Group Membership” action would apply to all group accounts associated with a person not managed by Role-Based Access Control (RBAC).

Item Collection Query

In addition to Item Type Action and Item Scope Type, Flow Items also incorporate an Item Collection Query. This parameter is an SQL statement that the system executes against specific resource types to gather resources related to the Flow Item and the Item Scope Type. For example, within a Flow Item labeled "Disable All Person Accounts" with an Item Scope Type of "All Accounts for Person," the query retrieves all user accounts owned by the individual who is the subject of the Flow Item.

In effect, the Flow Item, the Item Type Action, the Item Scope Type, and Item Collection Query collectively form an instruction for the system. They define what action to take, where to apply it, and the scope of resources it should impact. Administrators can construct complex, automated workflows that respond effectively to various Flow Events by stringing together multiple Flow Items within a Flow Definition.

Flow Events

Flow Events are pivotal to EmpowerID's No Code Flows feature, acting as triggers that initiate pre-defined sequences of actions (Flow Definitions) governed by certain rules (Flow Policies). They signify specific incidents or conditions within an organization's environment, prompting a systematic response to effectively manage business processes. When an event is triggered, it is sent to the Flow Event Inbox, a queue-like structure that holds the events before the system processes them.

Examples of Flow Events might include “MailboxDiscovered,” “AccountTakeover,” or “PersonLeaver.” Each one represents a unique scenario that requires specific actions.

Here’s a closer look at each of the above-mentioned examples:

MailboxDiscovered

In the context of managing user identities and resources, discovering a new mailbox is an event that may trigger a series of actions. For instance, you might have a Flow Definition that involves verifying the new mailbox, adding it to certain distribution lists, or setting up appropriate security and access controls. The corresponding Flow Policy would then dictate when and how these actions should occur.

AccountTakeover

The “AccountTakeover” event is a critical security-related trigger. This event could signify potential unauthorized access or control over an account. To detect this event, the No Code Flow may involve suspending the account, notifying security teams, initiating an investigation, or implementing additional security measures. The corresponding Flow Policy would govern the specifics of these reactions.

PersonLeaver

The “PersonLeaver” event is triggered when an individual, such as an employee or a contractor, leaves the organization. In response to this event, a No Code Flow might involve disabling the person's account, removing them from groups, archiving their emails, or revoking access to company resources. Again, a corresponding Flow Policy would dictate the sequence and conditions under which these actions should be executed.

Flow Policies

Within the No Code Flows framework of EmpowerID, Flow Policies are the command center that connects specific events to appropriate automated actions, leveraging the power of Flow Definitions.

Flow Policies: The Rule Set

Flow Policies essentially constitute the rule set of No Code Flows. They define which Flow Definitions (i.e., the sequence of Flow Items) should be triggered based on the occurrence of particular Flow Events. The policies allow multiple rules to be defined for the same event, providing flexibility and responsiveness to dynamic organizational needs.

For example, an organization might have different procedures for when an internal employee leaves versus when an external consultant's contract ends. A Flow Policy can be set up for “internal leavers,” which triggers a specific set of Flow Items, like disabling access to certain internal systems, while a different policy could be set for “external leavers,” which could trigger another set of Flow Items, like revoking temporary access rights.


Customizable to Your Organization's Needs

One of the key strengths of Flow Policies lies in their adaptability to an organization's specific requirements and policies. A company can define a wide range of Flow Policies to respond to numerous different Flow Events, each with its unique sequence of Flow Items defined by the respective Flow Definition. This ensures the appropriate automated response is carried out swiftly and efficiently, aligning with organizational practices and requirements.

Flow Policies and Flow Definitions: A Unified System

Flow Policies and Flow Definitions operate in unison to effectively manage business process orchestration. The Policies determine 'what' should happen in response to a specific event, while the Flow Definitions elaborate on 'how' it should happen. Together, they provide a comprehensive yet simplified, no-code framework for automated task execution.

The concept of Flow Policies, therefore, not only simplifies process management but also ensures that an organization’s response to events is consistent, reliable, and in line with its broader operational policies. As a component of EmpowerID's No Code Flows, Flow Policies represent a step forward in the intersection of process automation and identity management.

Business Requests

A Business Request is generated when an event triggers a flow. It represents a formal request to execute the actions defined in the flow.

Business Request Items

These are the individual tasks or actions that need to be executed as part of a Business Request. They are generated based on the flow definition, and each holds data related to the request, such as request data, assignee ID, and resource ID. Each item is processed independently in the order defined in the flow. Items at the beginning of the flow are executed first. If an item depends on the completion of another item, it will not be executed until the dependent item is completed.

Approval Flow Policies

If the Business Request is linked to an Approval Flow policy, the request routes for approval based on the assigned policies.

Fulfillment Workflows

Fulfillment workflows define the process when a request item is approved or rejected. For approval, the workflow specifies how to execute the associated action. For rejection, the workflow defines the process that should occur.

Flow Execution Process

The Flow execution process in a No Code Flow involves the following steps:

  1. The flow initiates with an event, such as “Person Mover.”

  2. The event is added to the Event Inbox.

  3. The applicable policies determine the flows that need to be run. These flows are then added to the Flow Inbox.

  4. Once in the Flow Inbox, each flow awaits processing.

  5. Upon processing, each flow creates a Business Request. This Request consists of multiple Business Request Items, which are individual tasks to be performed.

  6. Each Business Request Item represents an action to be performed. This could range from adding the resource to a group to disabling the resource.

  7. The sequence and timing of the Business Request Items are managed through the Flow Definition.

  8. Upon completion, each Business Request Item is sent to the Business Request Fulfillment engine, which executes the tasks.

  • No labels